Date: 2021-12-07

The growth of digital cryptocurrencies has accelerated enormously from 2017 to today, and even more so after the lockdowns of the Covid-19 pandemic, when the movements of the financial markets left many observers and experts speechless and fired up an ever-growing community of enthusiasts and crypto investors.

The leader of this new and varied form of investment is Bitcoin. Although the generalist press mentions it most often in connection with cyber attacks and digital extortion, Bitcoin and the hundreds of other cryptocurrencies out there are in fact an increasingly adopted form of investment, and they are abused in much the same way as traditional digital currencies and transactions.

The phenomenon of investing in digital currencies has exploded to the point that Bitcoin has become a commodity that large numbers of people outside the financial markets want to hold as a sort of lottery ticket, some thoughtfully, some less so.

In practice, however, only a few of these crypto investors are particularly careful about how they interact with digital assets and how they access their virtual safes.

As thriving as the new cryptocurrency market is, there is a flip side. If we step out of the enthusiast's shoes and look at the phenomenon through the eyes of a digital thug, there is little reason to feel reassured.

Accessing a person's funds directly has never been easier: an almost totally unregulated market, a large technological and digital component, and a lot of hype that attracts new investors who are unfamiliar with digital tools and often unaware and impulsive.

Threats to crypto-wallets

The profile of new cryptocurrency and Bitcoin investors looks a lot like the list of ingredients for a perfect digital storm: on the one hand inexperience, on the other sequences of bits and codes that have direct monetary value. The ingredients are simple, but there is more than one way in which a crypto investor's digital accounts can be emptied.

Let’s see the main ones.

SIM Swapping

When we talk about SIM swapping, the thought immediately goes to the terrifying scenario of account takeover, ATO in jargon. Account takeover is how security experts refer to taking full control of an account, an online profile or, in this case, a digital wallet.

However brutal the very idea of having someone inside our wallets and accounts may be, one detail characterizes an ATO scenario: the account is not merely shared between two parties; the attacker becomes the de facto only person authorized to access it.

Through SIM Swapping attacks, cyber criminals manage to achieve this devastating effect, which in a couple of hours literally empties every fund in the digital wallet.

Those who have been victims testify to an experience bordering on desperation, a feeling like “feeling that your pension fund – your future – has vanished”.

This is why it is increasingly recommended to avoid using the mobile number as the only second factor for authentication, or as the sole method for restoring online access.

It is essential to keep the spotlight on this issue because the current level of risk is serious: following a wave of attacks of this type, the Wall Street Journal asked about trends in malicious takeovers of trading accounts, and Binance, the world's largest crypto exchange, refused to respond to requests for comment. That fact speaks volumes about the actual gravity of the situation.

Info-Stealer Malware

Digital currency is by definition operated exclusively through digital devices. Whether they are laptops or smartphones makes little difference; in fact these devices are even more exposed to cyber attack because the mass installation of malware is already routine for cybercriminals.

Most widespread malware is oriented towards building botnets, and many other families specialize in defrauding customers of traditional banking services, but over 25% are of the information stealer (infostealer) type.

This malware specializes in stealing all kinds of information and secrets saved on the computer, from credentials in the browser, to email logins, up to every single key typed on the keyboard.

The specialization is such that infostealer families very often install nothing in the device's startup mechanisms: they simply remain active in the machine's volatile memory and steal data as it is entered.

Once the access credentials to the digital wallets, the active sessions, and perhaps even the passwords of the crypto-exchange registration mailbox have been stolen, it is only a matter of time: the attempt to access the funds will take place with mathematical certainty.

Clipper Malware

Moving money has always been considered a high-risk operation in financial circles. An order to move funds is often carried out only after payment authorizations, second-level authentication and audit confirmations.

The naturalness and ease with which digital money can be handled today is a double-edged sword: the speed of execution comes with a machine-friendly environment that is far removed from the operator's intuition.

An IBAN, for example, can be at least partly remembered even by occasional operators, because its structure contains mnemonic elements. The equivalent of bank details in the world of cryptocurrencies is a totally different matter: wallet addresses are purely random, unique alphanumeric strings without a structure, simple sequences of letters and digits in no particular order.

This is where another family of malware comes in. Clipper malware exploits the difficulty humans have in telling wallet addresses apart. Clippers insert themselves between the operator's copy and paste and alter the value of the Bitcoin, Ethereum, Cardano, Tether, XRP, Dogecoin, Shiba Inu and other addresses.

This means that transfers the unfortunate investor makes from the clipper-infected device will be systematically redirected to a wallet under the control of cyber criminals, even if the authentication was secure, even if the multi-factor confirmations were made and the wallet address was copied from a verified source.

Figure: a cross-platform Bitcoin clipper (OSX, Windows, Linux) written in 32 lines of code.

Three tips for investing in security

The cyber threats that are increasingly emerging among crypto investors must be taken seriously.

They can be prevented, but discipline and awareness are needed. There are also some measures to consider as soon as possible; here they are.

Hardware ledger

It almost goes without saying: the wallet, even a digital one, is best kept securely in your pocket. The hardware ledger represents the state of the art in security here: the private keys to the cryptocurrency wallets are stored in dedicated hardware running a mini operating system with a single goal, the protection and security of digital currencies.

In addition to protecting the private keys of the crypto wallets, the hardware ledger also lets you sign and authorize every single transaction, forcing extremely secure on-device confirmations and requiring an external device for every movement of Bitcoin and of tokens based on the EVM (Ethereum Virtual Machine).

Training and attention

While the technological component is fundamental to the safety of cryptocurrency investors, no less attention must be paid to awareness of threats.

Fraud is the order of the day, and even more so in the digital world, where the extreme complexity and speed with which new technologies are introduced leaves a lot of room for maneuver for scammers, who target the most susceptible new crypto investors. For this reason it is extremely important to work on awareness and to train one's critical thinking in order to improve the ability to identify scam attempts.

Safe place

To think that multi-factor authentication and authorization and a circumspect attitude towards potential scammers are enough is a huge mistake, and the larger the amount of cryptocurrency invested, the more fatal it is.

There are attacks that simply defeat the usual answers to the question “how do I secure my crypto wallet?”. If the answer is “use the hardware ledger” and “be careful”, unfortunately, that is no longer enough.

This was demonstrated in August 2021 by two researchers from Michigan State University, who developed and tested an attack scenario that is more than plausible for the times to come: it is called EthClipper, an attack that aims to undermine the assumptions and certainties of even the most careful hardware wallet owners.

In essence EthClipper works like clipper malware, but on steroids. The attack can invisibly replace the destination wallets of the transactions that crypto operators and investors make every day. The malicious addresses are generated with techniques that give the attacker wallets visually similar to the real destination ones: this means that even the most attentive users, who usually check the beginning and end of an address, are fully at risk even if they use confirmations and address checks on the hardware ledger.
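As an added example (not code from the article or from the EthClipper researchers), the following sketch shows a defensive check for both the clipper substitution and the lookalike addresses described above: the address about to be signed is compared over its full length against a trusted address book, and an address that only shares its beginning and end with a trusted entry is flagged separately. The address book, its label and every address are constructed sample values, and the function names are hypothetical.

```python
# Added example: check a destination address against a trusted address book.
# ADDRESS_BOOK and all addresses are constructed sample values, not real wallets.
ADDRESS_BOOK = {
    "exchange-deposit": "0xa1b2c3d4e5f60718293a4b5c6d7e8f9012345678",
}


def normalize(addr):
    """Trim whitespace; hex (0x...) addresses compare case-insensitively."""
    addr = addr.strip()
    return addr.lower() if addr.lower().startswith("0x") else addr


def ends(addr, edge):
    """First and last `edge` characters, ignoring a leading 0x."""
    body = addr[2:] if addr.startswith("0x") else addr
    return body[:edge], body[-edge:]


def check_destination(candidate, book=ADDRESS_BOOK, edge=4):
    """Classify the address about to be signed.

    Returns (verdict, label, differing_positions) where verdict is
      "match"     identical to a trusted entry over its full length
      "lookalike" same first/last `edge` characters as a trusted entry but
                  different in between: passes a head-and-tail glance
      "unknown"   unrelated to every trusted entry (plain substitution)
    """
    cand = normalize(candidate)
    near = None
    for label, trusted in book.items():
        ref = normalize(trusted)
        if cand == ref:
            return ("match", label, [])
        if len(cand) == len(ref) and ends(cand, edge) == ends(ref, edge):
            diff = [i for i, (x, y) in enumerate(zip(cand, ref)) if x != y]
            near = (label, diff)
    if near:
        return ("lookalike", near[0], near[1])
    return ("unknown", None, [])


if __name__ == "__main__":
    lookalike = "0xa1b2" + "9f" * 16 + "5678"   # constructed: same head and tail
    for addr in (ADDRESS_BOOK["exchange-deposit"], lookalike, "0x" + "0" * 40):
        verdict, label, diff = check_destination(addr)
        print(f"{verdict:9} {label} differing chars: {len(diff)}")
```

The result is only as trustworthy as the machine that runs the comparison and the channel through which the address book was obtained, so the check belongs on a dedicated, isolated terminal.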

Conclusions

For the reasons just seen, the risks of handling sums of cryptocurrency from a home setup must be evaluated carefully.

It is very important to look to structured sectors such as banking, which has lived with similar risks for decades, and to take away one great lesson: the workstations where transactions take place must be secure.

Therefore, anyone preparing to operate with cryptocurrencies is strongly advised to have dedicated terminals, kept as isolated as possible and up to date, used exclusively for actions on digital assets, separating recreational use from financial use as far as possible.

Figure: how the EthClipper attack works.


